That would be FUD. Rent-a-center and Six Flags should be doing cleanup for investor relations that these guys are their CIOs and are so clueless. The REAL concern is that people who know so little about technology are getting involved in security decisions. These companies should be seriously concerned about who has risen in their ranks and is now running the show without the skills and experience that most companies of their size would expect from their mid-level IT staff.

Even the A+ requires that you understand physical security.

Most of the concerns here are ones that exist identically in a physical environment. Things like "IT staff can do things they aren't allowed to". Really? This just occurred to you? How does virtualization make that a serious threat that you didn't have before?

While I agree with you, I think it is great. If these are the "Premier 100 IT Leaders" it makes some of the rest of us look pretty good. I may not be a CIO or CTO, but I understand the importance of physical security and the flaws in many of the premises provided.

@Scott...ditto...while we're at it let's not encrypt backup tapes before taking them offsite, because who would want a box full of "used" tapes that only contain tons of SQL data on patient information??? We'll also enable straight telnet on all our routers and switches because it's so much work to maintain ssh...sheesh...

Hardly Premier 100 IT leaders, lol. These are not firms known for IT or good management. Six Flags is the nasty, dirty cheap theme parks here in the states. Rent-a-center is the rent to own furniture company specializing in very cheap stuff for people who can't get credit. Neither company would be considered very respectable and apparently they don't attract top talent either ;)

So let's look at it from a different angle, a company is so afraid of virtual servers being stolen that they do everything on physical boxes. So an untrustworthy admin runs a P2V tool and walks out with virtual "rogue" servers on an external hard drive.

Or worse yet an ordinary employee just copies everything they have access to on the file servers.

IT admins can do a lot of things that we shouldn't do, but real IT professionals don't; we use our power responsibly. A company would be better off spending the money they save going virtual putting in place better security auditing and better hiring practices.

With the new virtualization technologies your billion dollar servers can be carried away in the pocket of any disgruntled employee (Cut to video of Geek Squad-like tech with a keychain of USB drives, then Windows 3.11 progress bars of file copy operations sending vmdx files to foreign interests really quickly)

Security is important. Justin had a good comment about taking our job as a professional seriously, meaning that we owe our employer the best advice and ethics that we can possibly give with no excuses. We all make mistakes but only once, IMHO.

A lot of publications are trying to get anyone from big companies to respond from their articles, just so it looks like a big deal. It seems like a lot of publications don't realize we are smart enough to do some research before going - I want to be like them.

Scott Alan Miller wrote:

PSX_Defector wrote:

Scott Alan Miller wrote:

Neither company would be considered very respectable and apparently they don't attract top talent either ;)